• Title/Summary/Keyword: Zombi PC.


Detection System Model of Zombie PC using Live Forensics Techniques (활성 포렌식 기술을 이용한 좀비 PC 탐지시스템 모델)

  • Hong, Jun-Suk;Park, Neo;Park, Won-Hyung
    • The Journal of Society for e-Business Studies / v.17 no.3 / pp.117-128 / 2012
  • There were large-scale DDoS (Distributed Denial of Service) attacks, mostly targeted at Korean government and corporate web sites, on March 4, 2010 (3.4 DDoS attack) after the 7.7 DDoS on July 7, 2009. These days, anyone can create zombie PCs to attack someone's website with malware development toolkits, and furthermore improve their knowledge of hacking skills as well as toolkits, because it has become easier to obtain these toolkits online. Because of that trend, it has been difficult for computer security specialists to counteract DDoS attacks. In this paper, we will introduce an essential control list to prevent malware infection with live forensics techniques after analysis of monitoring network systems and PCs. Hopefully our suggestion of how to coordinate a security monitoring system in this paper will give a good guideline for corporations who try to build their new systems or to secure their existing systems.

Studying on Expansion of Realtime Blocking List Conception for Spam E-mail Filtering (스팸 메일 차단을 위한 RBL개념의 확장에 관한 연구)

  • Kim, Jong-Min;Kim, Hion-Gun;Kim, Bong-Gi
    • Journal of the Korea Institute of Information and Communication Engineering / v.12 no.10 / pp.1808-1814 / 2008
  • In addition to the RBL function, which is used for spam e-mail filtering, as an effective way to deal with the recently widespread spam types, this paper proposes how to extract the URLs contained in the original e-mail, apply them to the RBL, and expand it. The botnet, which is used for sending spam mails these days, poses a problem that cannot be solved with the distributed sender addresses of spam e-mails. In general, as these spam e-mails are sent from the infected zombie PCs of individual users, the sender address itself is not efficient and is meaningless to use in an RBL. As an effective way to filter spam e-mail sent by a botnet, this paper analyzes the URLs contained in the original spam e-mail and proposes how to effectively improve the filter rate, based on the distribution data of the URL sites tempting users. This paper proposes the sending mechanism of spam e-mails from the botnet and the methods to realize those types of spam e-mails. In order to gather analyzable spam e-mails, this paper also carries out an experiment by configuring a spam e-mail trap system. By analyzing the spam e-mails received during the experiment period, this paper shows that the expanded RBL method, using the URLs contained in spam e-mails, is an effective way to improve spam e-mail filtering.